[Owasp-leaders] Pentesting Google Cloud

Mauro Risonho de Paula mauro.risonho at owasp.org
Thu Oct 16 14:58:36 UTC 2014


Hi,

More articles about OpenVAS in my blog:

http://firebitsbr.wordpress.com/?s=openvas&x=0&y=0

@firebitsbr

On Thu, Oct 9, 2014 at 1:10 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org>
wrote:

> Interestingly, I can't find similar blessing process on DO neither.
> However I could find an openvas guide by their own technical writer:
>
> https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04
> (which states: "It is important to not run these scans against targets
> that are not under your control, because they may look like potential
> attacks to other users.")
>
>
> On Thu, Oct 9, 2014 at 1:48 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>
>> Thanks but the Google Bug Bounty program does not apply for apps
>> developed by third parties.
>>
>> If I upload an app to Google Cloud, I want to make sure all formal
>> processes are followed before attempting to pentest it. Amazon is quite
>> clear about the process as stated below, I'm just searching for same
>> process at Google.
>>
>> Regards
>> Fabio
>>
>> On Thu, Oct 9, 2014 at 12:37 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Google has a bug bounty program with extensive rules of play.
>>>
>>> http://www.google.com/about/appsecurity/reward-program/
>>>
>>> Aloha,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Oct 9, 2014, at 7:34 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>
>>> hi there,
>>>
>>> As you might know, Amazon requires anyone who wants to perform a pentest
>>> of an app hosted on their AWS to submit a pentest request form:
>>>
>>> http://aws.amazon.com/security/penetration-testing/
>>>
>>> However, I cannot find a similar process for Google Cloud Services.
>>>
>>> Any pointers are really appreciated.
>>>
>>> Thanks
>>> Fabio
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> This message may contain confidential information - you should handle it
> accordingly.
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141016/73147ff1/attachment.html>


More information about the OWASP-Leaders mailing list